WordPress OptimizePress unrestricted file upload

Description

Certain versions of the WordPress theme OptimizePress contain a file that can be used by attackers to upload arbitrary files on the web server and execute the code contained in these files. The vulnerable file is wp-content/themes/OptimizePress/lib/admin/media-upload.php.

Remediation

Delete wp-content/themes/OptimizePress/lib/admin/media-upload.php file.

References